AVP/Sr. Assoc, Application Security Engineer, Information Security Services, Group Technology

Job Description - AVP/Sr. Assoc, Application Security Engineer, Information Security Services, Group Technology (250000D6)

Job Description

Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Tech, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

The Application Security Engineer plays an instrumental role in ensuring the security of applications developed within the bank. This role focuses on implementing robust application security practices, conducting thorough vulnerability and root cause analyses, and exploring innovative Generative AI (GenAI) use cases to enhance application security outcomes. The individual will contribute to strengthening the secure Software Development Life Cycle (SDLC) and fostering a security-aware development culture through training and advisory.

• Participate and execute vulnerability analysis and root cause investigations for identified security findings.
• Develop and integrate GenAI capabilities into existing application security tools (SAST, DAST/IAST) and processes, providing intelligent automation for security testing, vulnerability analysis, and secure coding guideline enforcement.
• Implement Python-based automation and GenAI solutions to enhance Secure SDLC practices.
• Provide advisory on application security tools and processes, including IAST, and secure coding guidelines.
• Collaborate with development teams to ensure the timely and effective remediation of security vulnerabilities.
• Contribute to the training and education of developers on secure coding practices and application security best practices.
• Stay up-to-date with the latest security trends, technologies, and industry developments to recommend and implement innovative solutions.

• Bachelor's or master's degree in computer science, Information Technology, or a related field.
• Minimum 5 years of experience in a cybersecurity engineering, information security, or software development role, with a strong focus on secure software development practices, preferably in the financial services industry.
• Practical development experience with Python and one or more coding and scripting languages such as Java and/or Node.js
• Strong understanding of cybersecurity principles, frameworks, and best practices, such as NIST and OWASP.
• Experience applying DevSecOps principles including CI/CD, configuration, and infrastructure (Unix/Linux) as code, and auto-remediation.
• Excellent problem-solving, analytical, and critical thinking skills to identify and address complex security challenges.
• Ability to work collaboratively with cross-functional teams and communicate technical information to both technical and non-technical stakeholders.

• Able to work with technology experts at all levels of the hierarchy with credibility.
• Self-starter: Takes initiative, understands the broader picture, is open to new ideas, and prepared to innovate.
• Strong desire to learn and adapt to new technologies, especially in the rapidly evolving fields of AI/ML and cybersecurity.
• Dependable: Demonstrated commitment to completing tasks from initiation through to completion.

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.